Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2013 Ran by SYSTEM on MININT-J406RO7 on 23-10-2013 23:14:57 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4081008 2012-03-07] (ESET) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated) HKLM-x32\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, [x] HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN HKU\Default\...\Policies\system: [WallpaperStyle] 2 HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN HKU\Default User\...\Policies\system: [WallpaperStyle] 2 HKU\Mirek\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-22] (Google Inc.) 
HKU\Mirek\...\Run: [baacafecaacc] - C:\ProgramData\baacafecaacc.exe [296448 2013-09-21] () HKU\Mirek\...\Policies\system: [WallpaperStyle] 2 HKU\Mirek\...\Winlogon: [Shell] explorer.exe <==== ATTENTION Startup: C:\Users\Mirek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\27tw8zowl.lnk ShortcutTarget: 27tw8zowl.lnk -> C:\PROGRA~3\lwoz8wt72.dss () ==================== Services (Whitelisted) ================= S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation) S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-09-18] (DealPly Technologies Ltd) S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-09-18] (DealPly Technologies Ltd) S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [913144 2012-03-07] (ESET) S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] () S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) 
S2 Winmgmt; C:\PROGRA~3\27tw8zowl.pss [61544 2013-10-23] (Microsoft Corporation) S2 Winmgmt; C:\PROGRA~3\27tw8zowl.pss [61544 2013-10-23] (Microsoft Corporation) S2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209768 2012-03-13] (ESET) S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-13] (ESET) S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2012-03-13] (ESET) S4 eabfiltr; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-23 23:14 - 2013-10-23 23:14 - 00000000 ____D C:\FRST 2013-10-23 10:47 - 2013-10-23 10:47 - 00000000 ____H C:\Users\Mirek\AppData\Local\BITE233.tmp 2013-10-23 10:47 - 2013-10-23 10:47 - 00000000 _____ C:\Users\Mirek\AppData\Local\{31D2405E-FFF3-44E4-B368-A5393B6702DA} 2013-10-23 10:09 - 2013-10-23 10:09 - 00000000 ____H C:\Users\Mirek\AppData\Local\BITD1E2.tmp 2013-10-23 10:09 - 2013-10-23 10:09 - 00000000 _____ C:\Users\Mirek\AppData\Local\{F965FD3F-82F1-4934-B196-D282C622BB24} 2013-10-23 02:25 - 2013-10-23 02:25 - 00000000 ____H C:\Users\Mirek\AppData\Local\BITD816.tmp 2013-10-23 02:25 - 2013-10-23 02:25 - 00000000 _____ C:\Users\Mirek\AppData\Local\{78D91957-ED23-4E33-A6A5-B8F9C4B4F803} 2013-10-23 01:16 - 2013-10-23 12:55 - 95025368 ____T C:\ProgramData\27tw8zowl.bxx 2013-10-23 01:16 - 2013-10-23 12:47 - 00000000 _____ C:\ProgramData\27tw8zowl.fvv 2013-10-23 01:16 - 2013-10-23 01:16 - 00128512 _____ C:\ProgramData\lwoz8wt72.dss 2013-10-23 01:16 - 2013-10-23 01:16 - 00061544 ____T (Microsoft Corporation) C:\ProgramData\27tw8zowl.pss 2013-10-10 20:44 - 2013-10-10 20:44 - 00000000 ____D C:\Users\Mirek\Desktop\Rzym 2013-10-10 20:18 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-10 20:18 - 2013-09-22 15:27 - 00391168 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-10 20:18 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-10 20:18 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-10 20:18 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-10 20:18 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-10-10 20:18 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-10-10 20:18 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-10-10 20:18 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-10-10 20:18 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-10-10 20:18 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-10-10 20:18 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-10-10 20:18 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-10 20:18 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-10-10 20:18 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-10 20:17 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-10 20:17 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-10 20:17 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-10 20:17 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-10 20:17 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2013-10-10 20:17 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-10 20:17 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-10 20:17 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-10 20:17 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-10-10 20:17 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-10-10 20:17 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-10-10 20:17 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-10-10 20:17 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-10-10 20:17 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-10-10 20:17 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-10-10 20:17 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-10-09 20:37 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll 2013-10-09 20:37 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-09 20:36 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll 2013-10-09 20:36 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll 2013-10-09 20:36 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll 2013-10-09 20:36 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll 2013-10-09 20:36 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-09 20:36 - 
2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-09 20:36 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-09 20:36 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2013-10-09 20:36 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-09 20:36 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-09 20:35 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys 2013-10-09 20:35 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys 2013-10-09 20:35 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys 2013-10-09 20:34 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll 2013-10-09 20:34 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll 2013-10-09 20:34 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-09 20:34 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-09 20:34 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys 2013-10-09 20:34 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys 2013-10-09 20:34 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys 2013-10-09 20:34 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys 2013-10-09 20:33 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys 2013-10-09 20:33 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) 
C:\Windows\System32\Drivers\tcpip.sys 2013-10-09 20:33 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll 2013-10-09 20:33 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-09 20:33 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-10-09 20:33 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2013-10-09 20:33 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll 2013-10-09 20:33 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll 2013-10-09 20:33 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll 2013-10-09 20:33 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-09 20:33 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-09 20:33 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-09 20:33 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-09 20:33 - 2013-08-28 17:50 - 00159744 _____ C:\Users\Mirek\AppData\Roaming\Other.res 2013-10-09 20:33 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-09 20:33 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-10-09 20:32 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-09 20:32 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-09 20:32 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-09 20:32 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-09 20:32 - 
2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-09 20:31 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-10-09 20:31 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 20:31 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 20:30 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll 2013-10-06 10:54 - 2013-10-06 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-10-23 23:14 - 2013-10-23 23:14 - 00000000 ____D C:\FRST 2013-10-23 21:29 - 2010-03-22 07:41 - 00000000 ____D C:\ProgramData\Recovery 2013-10-23 12:55 - 2013-10-23 01:16 - 95025368 ____T C:\ProgramData\27tw8zowl.bxx 2013-10-23 12:47 - 2013-10-23 01:16 - 00000000 _____ C:\ProgramData\27tw8zowl.fvv 2013-10-23 12:47 - 2013-09-18 11:24 - 00000900 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job 2013-10-23 12:47 - 2010-03-22 11:49 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-23 12:47 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-23 12:47 - 2009-07-13 20:51 - 02282328 _____ C:\Windows\setupact.log 2013-10-23 12:26 - 2010-08-25 10:10 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C20AB8E9-1996-4E12-AAC6-6BBB477C9F32} 2013-10-23 12:24 - 2013-09-18 11:24 - 00000290 _____ C:\Windows\Tasks\Dealply.job 2013-10-23 12:22 - 2009-10-19 15:18 - 02066555 _____ C:\Windows\WindowsUpdate.log 2013-10-23 12:18 - 2010-03-22 11:49 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-23 11:58 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-23 11:58 - 
2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-23 11:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-10-23 10:47 - 2013-10-23 10:47 - 00000000 ____H C:\Users\Mirek\AppData\Local\BITE233.tmp 2013-10-23 10:47 - 2013-10-23 10:47 - 00000000 _____ C:\Users\Mirek\AppData\Local\{31D2405E-FFF3-44E4-B368-A5393B6702DA} 2013-10-23 10:29 - 2013-09-18 11:24 - 00000904 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job 2013-10-23 10:09 - 2013-10-23 10:09 - 00000000 ____H C:\Users\Mirek\AppData\Local\BITD1E2.tmp 2013-10-23 10:09 - 2013-10-23 10:09 - 00000000 _____ C:\Users\Mirek\AppData\Local\{F965FD3F-82F1-4934-B196-D282C622BB24} 2013-10-23 09:12 - 2009-07-13 21:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-23 06:07 - 2012-11-18 15:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2013-10-23 06:07 - 2009-10-19 15:49 - 00576906 _____ C:\Windows\PFRO.log 2013-10-23 03:35 - 2012-11-18 15:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-10-23 02:25 - 2013-10-23 02:25 - 00000000 ____H C:\Users\Mirek\AppData\Local\BITD816.tmp 2013-10-23 02:25 - 2013-10-23 02:25 - 00000000 _____ C:\Users\Mirek\AppData\Local\{78D91957-ED23-4E33-A6A5-B8F9C4B4F803} 2013-10-23 01:16 - 2013-10-23 01:16 - 00128512 _____ C:\ProgramData\lwoz8wt72.dss 2013-10-23 01:16 - 2013-10-23 01:16 - 00061544 ____T (Microsoft Corporation) C:\ProgramData\27tw8zowl.pss 2013-10-22 20:26 - 2009-09-05 10:11 - 00738208 _____ C:\Windows\System32\perfh015.dat 2013-10-22 20:26 - 2009-09-05 10:11 - 00154864 _____ C:\Windows\System32\perfc015.dat 2013-10-22 20:26 - 2009-07-13 21:13 - 01663484 _____ C:\Windows\System32\PerfStringBackup.INI 2013-10-19 14:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-10-19 04:43 - 2010-06-02 05:09 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-10-19 04:42 - 2011-10-29 07:57 - 00000000 _____ 
C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-10-19 04:31 - 2010-03-22 07:16 - 00000000 ____D C:\users\Mirek 2013-10-16 11:50 - 2010-03-22 11:49 - 00000000 ____D C:\Users\Mirek\AppData\Local\Google 2013-10-13 08:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-10-10 20:44 - 2013-10-10 20:44 - 00000000 ____D C:\Users\Mirek\Desktop\Rzym 2013-10-10 20:40 - 2009-07-13 20:45 - 00455424 _____ C:\Windows\System32\FNTCACHE.DAT 2013-10-10 20:39 - 2012-05-13 19:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-10 20:39 - 2012-05-13 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-10 20:14 - 2013-09-18 11:30 - 01639622 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-10-07 08:06 - 2010-03-24 05:03 - 00000000 ____D C:\Users\Mirek\AppData\Local\Mozilla 2013-10-06 11:16 - 2010-04-21 06:25 - 00000000 ____D C:\Users\Mirek\AppData\Local\Microsoft Games 2013-10-06 10:55 - 2013-10-06 10:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-06 07:13 - 2010-03-22 11:49 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-06 07:13 - 2010-03-22 11:49 - 00003790 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-09-29 10:42 - 2010-12-03 10:43 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMirek 2013-09-29 10:42 - 2010-12-03 10:43 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForMirek.job Files to move or delete: ==================== C:\Users\Mirek\AppData\Roaming\cache.ini C:\ProgramData\baacafecaacc.exe C:\ProgramData\dsgsdgdsgdsgw.pad C:\ProgramData\libnspr4.dll C:\ProgramData\lsass.exe Some content of TEMP: ==================== C:\Users\Mirek\AppData\Local\Temp\bocjlhgoqtgvttmualvq.exe C:\Users\Mirek\AppData\Local\Temp\fvJcrgR.exe C:\Users\Mirek\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Mirek\AppData\Local\Temp\libnspr4.dll C:\Users\Mirek\AppData\Local\Temp\wywaepmfihtmroqog.exe 
C:\Users\Mirek\AppData\Local\Temp\~tmf7523311638305632302.dll ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 13 Restore point made on: 2013-10-11 22:40:50 Restore point made on: 2013-10-13 01:19:59 Restore point made on: 2013-10-13 20:05:43 Restore point made on: 2013-10-14 20:01:13 Restore point made on: 2013-10-15 20:27:18 Restore point made on: 2013-10-16 20:01:21 Restore point made on: 2013-10-17 19:06:43 Restore point made on: 2013-10-18 17:00:41 Restore point made on: 2013-10-19 04:35:22 Restore point made on: 2013-10-20 20:06:35 Restore point made on: 2013-10-21 20:12:32 Restore point made on: 2013-10-22 20:23:16 Restore point made on: 2013-10-23 07:02:26 ==================== Memory info =========================== Percentage of memory in use: 22% Total physical RAM: 3068.2 MB Available physical RAM: 2373.43 MB Total Pagefile: 3066.35 MB Available Pagefile: 2365.26 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:285 GB) (Free:41.08 GB) NTFS 
==>[System with boot components (obtained from reading drive)] Drive e: (RECOVERY) (Fixed) (Total:12.79 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 Drive g: (2013-10-23) (CDROM) (Total:4.38 GB) (Free:1.67 GB) UDF Drive h: () (Removable) (Total:7.6 GB) (Free:7.6 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 07FDFE9D) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (Size: 8 GB) (Disk ID: 01926BA7) Partition 1: (Active) - (Size=8 GB) - (Type=0B) LastRegBack: 2013-10-20 20:48 ==================== End Of Log ============================